
added IP protocol scan test

1 parent 9fd7ce6 commit 4e059858de6bf4d553591c83fe022c17b3904732 @mrash committed Dec 8, 2012
Showing with 17 additions and 0 deletions.
  1. +17 −0 test/test-psad.pl
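--- a/test/test-psad.pl
+++ b/test/test-psad.pl
@@ -19,6 +19,7 @@
 my $null_scan_file = 'null_scan_1000_1150';
 my $ack_scan_file = 'ack_scan_1000_1150';
 my $udp_scan_file = 'udp_scan_1000_1150';
+my $proto_scan_file = 'proto_scan';
 my $ms_sql_server_sig_match_file = 'ms_sql_server_sig_match';
 my $ipv6_ms_sql_server_sig_match_file = 'ipv6_ms_sql_server_sig_match';
 my $no_ms_sql_server_sig_match_file = "$conf_dir/signatures_no_ms_sql_server_sig";
@@ -344,6 +345,22 @@
 },
 {
 'category' => 'operations',
+ 'detail' => 'IPv4 IP protocol scan detection',
+ 'err_msg' => 'did not detect protocol scan',
+ 'positive_output_matches' => [qr/Top\s\d+\sattackers/i,
+ qr/IP\sprotocols\:\s251\,/i,
+ qr/IP\sstatus/i,
+ qr/192\.168\.10\.55/],
+ 'match_all' => $MATCH_ALL_RE,
+ 'function' => \&generic_exec,
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
+ &fw_type() . "/$proto_scan_file -c $default_conf $normal_root_override_str",
+ 'exec_err' => $NO,
+ 'fatal' => $NO
+ },
+
+ {
+ 'category' => 'operations',
 'detail' => 'IPv4 ACK scan detection',
 'err_msg' => 'did not detect ACK scan',
 'positive_output_matches' => [qr/Top\s\d+\sattackers/i,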
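Review bot: The four `positive_output_matches` patterns in the new protocol-scan entry appear to be checked independently of one another, so a pass does not show that the `IP protocols: 251,` line is attributed to 192.168.10.55, and `qr/192\.168\.10\.55/` has no boundaries, so a longer address containing that text would also satisfy it. Consider `qr/\b192\.168\.10\.55\b/`, plus a comment above the entry such as `# proto_scan fixture: one source probing 251 IP protocols (confirm count against the capture)` so the hard-coded 251 is traceable to the fixture. If the harness supports negative matches, a companion entry that feeds a below-threshold capture and asserts no protocol-scan line would guard the detection against false positives. The ACK scan entry that follows the added block continues past the end of the hunk.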
